According to research, ransomware groups made a significant return last year, with victims of cyber attacks paying a record-breaking $1.1 billion to the attackers.
In 2023, there was an increase in cybercrime activities worldwide after a decrease in 2022. The targets of these attacks included hospitals, schools, and large companies.
According to a report from the cryptocurrency research company Chainalysis, payments made to criminal organizations following attacks increased by double in comparison to 2022. In that year, a total of $567 million was paid out.
The report stated that “large-scale hunting” was a common tactic used in attacks in the previous year, resulting in a higher percentage of ransom payments exceeding $1 million as wealthier targets were selected.
According to Chainalysis, the year 2023 will see a significant resurgence of ransomware attacks, with unprecedented payments and a significant rise in the size and intricacy of the attacks. This trend is a significant turnaround from the decline seen in 2022.
A common tactic used in ransomware attacks is when hackers gain access to a computer network and use malicious software to render it inoperable by encrypting files. A recent trend in these attacks is when the attackers also extract sensitive information from the system, such as personal or client information. The perpetrators then demand payment in exchange for either unlocking the files or deleting their own copy of the stolen data.
According to Chainalysis, there were various reasons for the decrease in payments in 2022, one of which was the invasion of Ukraine by Russia.
The majority of ransomware groups originate from eastern Europe, specifically former Soviet republics and Russia. According to Chainalysis, certain malicious individuals were either hindered or redirected their efforts from ransomware to politically-motivated cyber espionage. A prominent hacker group, Conti, dissolved due to internal turmoil after an unidentified source who showed support for Ukraine leaked 60,000 confidential messages.
The FBI successfully interrupted the activities of the Hive ransomware group by obtaining its decryption keys, thereby preventing victims from having to pay a total of $130 million in ransom fees.
Chainalysis also referenced a study that revealed an increase in both the quantity of attackers and ransomware variations in attacks from the previous year.
“According to Allan Liska, an analyst at the cybersecurity company Recorded Future, there has been a significant increase in the number of individuals or groups responsible for launching ransomware attacks.”
Recorded Future reports that there were 538 fresh versions of ransomware in 2023, signaling the rise of distinct, autonomous groups. One notable group, Clop, gained prominence last year after admitting to hacking into payroll provider Zellis by exploiting a vulnerability in MOVEit software, commonly utilized for transferring files within internal networks. This attack impacted customers such as British Airways, Boots, and the BBC.
The British Library is currently in the process of recuperating from a ransomware assault conducted by a renamed faction known as Rhysida, which specifically targeted the establishment in October. The library has chosen not to comply with the ransom demands.
The rise of “ransomware as a service” is contributing to an increase in criminal activity. This involves hiring out malware to others in exchange for a share of the profits. Additionally, the emergence of “initial access brokers” who sell vulnerabilities in the networks of potential targets has also fueled the rise of ransomware attacks.
According to cybersecurity expert Ellie Ludlam from UK-based law firm Pinsent Masons, the rise in cyber attacks is predicted to persist.
She stated that the rise is projected to persist until 2024, and there is a continued emphasis on large-scale data theft by malicious groups, which could lead to larger ransom demands from affected businesses.
Source: theguardian.com